I would normally not contribute to this, but I think having been a
passive participant of the IPng mail lists through the 80s-90s I like
the quality of reflecting "did we get what we wanted". I'm not writing
here as an RIR employee (which I am) but as somebody who was along for
the ride. We didn't
mmand because I
control the assets"
G
On Sat, 13 Nov 2021, 11:18 am Rubens Kuhl, wrote:
>
>
> On Fri, Nov 12, 2021 at 9:56 PM George Michaelson
> wrote:
>
>> Wouldn't it be cool if we had a cryptographic mechanism to sign an
>> authority to the IRR publisher to eje
Wouldn't it be cool if we had a cryptographic mechanism to sign an
authority to the IRR publisher to eject old data.
Some way you could prove you have control of the asset, and the let the
RADB people know you repudiated some old data, made under somebody else's
authority which you can't remove
On Wed, Oct 27, 2021 at 6:31 AM Shawn wrote:
>
> Curious if any IRR databases are mirroring/importing ROA data - creating
> route|6 objects from ROA?
>
> LACNIC requires a route object to be created when creating a ROA.
> APNIC you create a route object, then may generate a ROA during that
>
the 5tuple includes protocol so increased adoption of QUIC alongside
TCP bound services effectively does increase the potential size of the
NAT binding table but if we're really a single-browser model and all
going to QUIC enabled webs, the effective outcome is to burn the port
space in UDP, not
When an RIR asserts geo in Whois, it's derived from the organisational
data, but usually/often then self asserted. It was asserted by the
delegate, during registration.
When an RIR asserts geo in organisational data, it's self-asserted
through a filter of things like Dunn & Bradstreet and company
The two proposals for RPKI signed attestatations, RSC and RTA, look
candidates for a role this. The primary question is not "who are you"
which OAuth is about, it is "what resources do you control, which
would inform what we're doing here" -which is what RPKI is about.
it's important to be clear,
Google honour https://tools.ietf.org/html/rfc8805 Which they also authored.
A bunch of people are proposing a geofeed: RPSL marker to catalog how
to find the feed.
-G
On Thu, Mar 11, 2021 at 7:38 PM William Guo wrote:
>
> Google has its internal GeoIP team.
>
> But the data quality is not so
The LOA type model is one of the ones we showed on slideware when we
presented RTA in IETF, and at the CloudFlare RPKI workshop years ago.
The detached signature model inherent in RTA and RSC goes to "you
define the business logic" It's not proscriptive. I saw nothing
proposed here which I
On Wed, Feb 17, 2021 at 9:21 AM Christopher Morrow
wrote:
>
> On Tue, Feb 16, 2021 at 6:06 PM Michael Thomas wrote:
> >
> >
> > Basically are there places that you can't get allocations? If so, what
> > is happening?
>
> isn't the answer to this:
> "All except AFRNic announced their pools were
APNIC continues to have a final /8 policy and can allocate or assign
up to a /23 to new entrants from its holdings. APNIC reclaims unused
IP addresses.
https://www.apnic.net/manage-ip/ipv4-exhaustion/
On Wed, Feb 17, 2021 at 9:15 AM Jennifer Sims wrote:
>
> Pretty sure APNIC is out of
AS0 RPKI system deployed in production (Prop132)
The AS0 RPKI system previously in test has now been deployed to production.
This completes
I don't see SKEY style OTP lists as inherently bad. "its how you do
it" which concerns me, not that it is done.
-G
On Tue, Mar 24, 2020 at 9:33 AM Christopher Morrow
wrote:
>
> On Mon, Mar 23, 2020 at 7:00 PM Michael Thomas wrote:
> >
> > On 3/23/20 3:53 PM, Sabri Berisha wrote:
> >
> > Hi,
>
I own domains backed by gsuite/postini and they are awesomely spam
free, and good. What I say here shouldn't be taken as saying I don't
want that goodness.
I also work in domains which routinely get mis-tagged as spammy by
google, and that can include replying to google staffers. This isn't
good.
A fair comment would be "you massively mis-remember" and in both
JANET-Email and IPv6 terms, I would not disagree. We're talking about
things done, decisions made 35 or more years ago, to 25 years ago and
my brain has had many fine beers since then.
But the intent remains the same: we made
On Thu, Oct 3, 2019 at 12:12 PM Masataka Ohta
wrote:
>
> George Michaelson wrote:
> > Or, why we even have SRC in the header: it does not
> > inform routing.
>
> Primarily for ICMP.
Could look inside beyond first header state to see DST as payload.
optimisation for I
On Thu, Oct 3, 2019 at 11:39 AM Doug Barton wrote:
>
> Yes, IPv6 suffers from Second System Syndrome. No this is not news,
> neither is it malleable (no matter how much whinging about roads not
> taken occurs).
Which is why I said:
> On 10/2/19 6:30 PM, George M
A long time ago, in another country, JANET had a mail list to discuss
email, in a world before DNS. And, when DNS emerged, JANET mail list
made a *deliberate* decision to make the domain order of UK email
domains the reverse of every other country worldwide. A DELIBERATE
decision. (I was there, on
There are two parts of the problem. The first is the assumption of
risk: the current model of operation in the US (like in other western
economies) puts the onus of risk of misuse of the card on specific
actors. When you change the basis from signature (fraud) to chip+pin
(leak of knowledge) you
I don't want to over-state it, but 'number of prefices' slways feels
to me like a potential mis-measure. Not that you don't want to know
it, but % of announced space for a given origin-as feels like it might
be closer to the story, because there can be so many different ways to
announce it as dis-
Updating RPKI trust anchor configuration
---
APNIC has completed the process of transitioning from its previous Resource
Public Key Infrastructure (RPKI) trust anchor arrangement to a new single trust
anchor configuration. Each RIR will
t; 1500 14XX 1500
> embedded CDN <--> B4 <— > 6RD <— > client
> 1500. 14XX 1500
>
> Now you can increase the first 1500 easily. The rest of the path not so
> easily.
>
>> On 19 Jan 2018, at 9:53
if I was an ISP (Im not) and a CDN came and said "we want to be inside
you" (ewww) why wouldn't I say "sure: lets jumbo"
not even "asking for a friend" I genuinely don't understand why a CDN
who colocates and is not using public exchange, but is inside your
transit boundary (which I am told is
Don't bother: It was removed 24+ h ago after we got alerted
George
On Tue, Mar 7, 2017 at 2:10 PM, Mark Andrews wrote:
>
> In message <6bcda810-52cd-4efe-9a69-4b1aabc90...@burn.net>, Brandon Applegate
> writes:
>> Just did a whois on the documentation prefix and was surprised to
Hey!
New message, please read <http://tweakinghealth.com/making.php?av>
George Michaelson
X.400 required a session key. IIRC you had to know the other side of the
mail exchange and do (weak, but of the time what we did) shared secret
swaps to bootstrap the protocol.
Of course, a cheat-sheet of 'your idea will not work because [ ]' kills it,
but I do recall with some fondness that in
Dec gave you the source on Microfiche. If you want to change LAT just read,
and find your Bliss32 compiler.
On Mon, Jun 29, 2015 at 9:04 PM, Scott Whyte swh...@gmail.com wrote:
On 6/29/15 20:17, Johnny Eriksson wrote:
Javier Henderson jav...@kjsl.org wrote:
Or XNS. On the other hand,
On Wed, Jun 10, 2015 at 2:06 PM, Lorenzo Colitti lore...@colitti.com
wrote:
On Wed, Jun 10, 2015 at 8:30 PM, Karl Auer ka...@biplane.com.au wrote:
Seems to me that N will vary depending on what you are trying to do.
Remember, what I'm trying to do is avoid user-visible regressions while
http://rdap.apnic.net/
redirects to a web page documenting service
http://rdap.apnic.net/ip shows a json error response
http://rdap.apnic.net/ip/203.119.0.0/24
shows the /24 record for 203.119.0.0/24
-G
On Thu, Jan 8, 2015 at 1:59 PM, shawn wilson ag4ve...@gmail.com wrote:
On Wed, Jan 7,
CRISP is dead. RDAP is real. If people need to script, then RDAP is
workable JSON and for once, has converged on sensible stuff in both names
and numbers.
the whois problem is a formalism owned by ICANN, but as DRC pointed out
the WHOIS solution is dispersed.
RPSL lies to one side btw. I wish
for two asynchronous, otherwise unconnected systems, using TCP/IP there is
a state transition sequence which can be shown to work if you stick to it.
There are also (I believe) corner cases when you send unexpected sequences,
and some of them have known behaviours
in that sense, the question:
It got a pretty firefight discussion at the NZNOG. None of the ISPs feel
comfortable with it, but in avoiding a shoot-the-messenger syndrome they
tried to give good feedback to the reps from GCSB who came to talk.
Basically, a lot of post-act variations are expected to clarify what
changes do and
/Communications_Assistance_for_Law_Enforcement_Act
[2] https://en.wikipedia.org/wiki/National_security_letter
On 5/13/2014 6:40 AM, George Michaelson wrote:
It got a pretty firefight discussion at the NZNOG. None of the ISPs
feel comfortable with it, but in avoiding a shoot-the-messenger
syndrome
procmail is a rewrite of MMDF mailfilter. badly.
On Thu, Apr 10, 2014 at 8:42 AM, Christopher Morrow morrowc.li...@gmail.com
wrote:
On Wed, Apr 9, 2014 at 6:27 PM, John R. Levine jo...@iecc.com wrote:
The most sane out-of-mind response should only be sent *if* the
out-of-mind person is
you don't know the values passed by protocol, only the values
exposed in header.
(this may have changed. I don't use it any more)
On Thu, Apr 10, 2014 at 11:58 AM, John R. Levine jo...@iecc.com wrote:
On 4/9/2014 5:45 PM, George Michaelson wrote:
procmail is a rewrite of MMDF mailfilter
I am probably closer to consumer behaviour at home than most of you. I
don't regard my home router as a vehicle for hackery beyond clue I can find
on the end user public lists and rarely if ever even apply that, and I run
stock factory billion code on my billion ADSL2+ home gateway.
I just
we're already outside our operating envelope, if these community
expectation figures are believable. a wise man once said to me that when
setting formal conformance targets its a good idea to only set ones you can
honestly achieve, otherwise you're setting yourself up to be measured to
fail. I
you removed a clause in that sentence randy:
we're already outside our operating envelope, if these community
expectation figures are believable
there is a point to that clause. its the same as your answer in some
respects.
On Fri, Sep 13, 2013 at 8:39 AM, Randy Bush ra...@psg.com wrote:
I agree. I think its over stated. But I do think there was a more direct
customer-disadvantage outcome, albiet increadibly brief. I think a bunch of
people like me have now got a better sense our always-on backend is
'brittle' even if very very strong, most of the time.
On 16/10/2012, at 4:15 AM, Randy Bush ra...@psg.com wrote:
APNIC will be switching to a new RPKI 'split' trust anchor system on
the 25th of October. This change is needed to align APNIC administered
resources with their allocation hierarchy. These resources will also
be certified under each
On 16/10/2012, at 11:09 AM, David Conrad d...@virtualized.org wrote:
George,
On Oct 15, 2012, at 8:44 PM, George Michaelson g...@algebras.org wrote:
Once there is a global trust anchor, you can validate the 5 APNIC operating
CA under a single root, single TAL. Until then, an APNIC TAL
please contact me.
George Michaelson (g...@apnic.net)
Please add the following to your trust anchor set:
rsync://rpki.apnic.net/repository/apnic-rpki-root-afrinic-origin.cer
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMLL96YV9pf0rZ4Ow/bk
no. you misunderstand.
The value proposition is not spam: that works with unallocated space.
The value proposition is gaming google page rank, by using widely spread and
legitimately routed IPs to force your paying customers page rank high, by hits
and references. This is a very high value
On 09/03/2012, at 1:03 PM, Jon Lewis wrote:
On Fri, 9 Mar 2012, George Michaelson wrote:
The value proposition is gaming google page rank, by using widely spread and
legitimately routed IPs to force your paying customers page rank high, by
hits and references. This is a very high value
On 06/12/2010, at 8:25 AM, Felipe Zanchet Grazziotin wrote:
Hi John,
On Sun, Dec 5, 2010 at 8:13 PM, John Levine jo...@iecc.com wrote:
I've been pondering IPv6 setups, and I don't understand how IPv6 rDNS
is supposed to work. It's clear enough how you look up any particular
address,
I have been looking at acl management s/w in the freecode space and I can find
lots of tools which manage/distribute and test ACLs in routers.
I'm wondering if anyone has written a parser which can construct rule-trees and
get rid of the cruft, unusable, order-misorder and other issues in a
On 19/08/2010, at 1:00 PM, Randy Bush wrote:
something which can take a couple of hundred basic and extended ACLs and
tell you
these ten don't work
these twenty conflict
the remaining x have a sequence and can reduce to this basic x-y set
maybe you could go the other direction. as
On 19/08/2010, at 1:38 PM, Randy Bush wrote:
one more comment. be careful aggregating filters. the peer may
actually announce all those damed frags, especially in massively
de-aggregated places such as india, indonesia, ...
randy
I should have been clearer that I really only want to
As part of the ongoing measurement of traffic in 1.0.0.0/8 three /24s from the
range are shortly going to be announced by AARNet, via AS7575:
1.0.0.0/24
1.1.1.0/24
1.2.3.0/24
This will be happening over the next week or so.
cheers
-George
Hi. it's been handled, so sorry for a bit of delay, which is due to the
APNIC/Apricot meeting going on in KL.
This problem was caused by missing WHOIS domain objects.
APNIC staff are helping Matthew to resolve the problem.
-George
On 05/03/2010, at 6:37 AM, Matthew Petach wrote:
Would
Avoid broken/slow servers:
afrinic =
ftp://ftp.afrinic.net/pub/stats/afrinic/delegated-afrinic-latest;,
apnic =
ftp://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest;,
lacnic=
On 13/10/2009, at 12:54 PM, Doug Barton wrote:
On Oct 12, 2009, at 7:34 PM, Justin Shore jus...@justinshore.com
wrote:
I'm actually taking an IPv6 class right now and the topic of
customer assignments came up today (day 1). The instructor was
suggesting dynamically allocating /127s to
Call for data: IPv6 enabled service logfile analysis
APNIC is seeking operators of high-traffic webhosts, and other public
facing services who can provide logfiles for their IPv6 enabled
instances. Our intention is to analyse these for the distribution of
IPv4, and the various sub-classes
53 matches
Mail list logo